Lucene search
+L

180 matches found

NVD
NVD
added 2020/11/16 4:15 p.m.18 views

CVE-2020-27423

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox...

7.5CVSS7.6AI score0.06362EPSS
Exploits2References1
OSV
OSV
added 2020/11/16 4:15 p.m.5 views

CVE-2020-27422

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account...

9.8CVSS7.3AI score0.07764EPSS
Exploits2References2
OSV
OSV
added 2020/11/16 4:15 p.m.6 views

CVE-2020-27423

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox...

7.5CVSS7.1AI score0.06362EPSS
Exploits2References1
NVD
NVD
added 2020/11/16 4:15 p.m.24 views

CVE-2020-27422

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account...

9.8CVSS9.5AI score0.07764EPSS
Exploits2References2
Prion
Prion
added 2020/11/16 4:15 p.m.16 views

Design/Logic Flaw

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox...

5CVSS7.6AI score0.06362EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2020/11/16 4:15 p.m.18 views

Design/Logic Flaw

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account...

7.5CVSS9.5AI score0.07764EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2020/11/16 3:49 p.m.71 views

CVE-2020-27422

CVE-2020-27422 affects Anuko Time Tracker v1.19.23.5311, where the password reset link sent by email does not expire after use, enabling an attacker to reuse the same link to take over a victim’s account. The vulnerability is evidenced in multiple sources (including exploit reports) and is mitiga...

9.8CVSS9.4AI score0.07764EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/11/16 3:49 p.m.31 views

CVE-2020-27422

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account...

9.6AI score0.07764EPSS
Exploits2References2
CVE
CVE
added 2020/11/16 3:45 p.m.59 views

CVE-2020-27423

This CVE affects Anuko Time Tracker v1.19.23.5311, where the password-reset module lacks rate limiting, enabling a Denial of Service against any legitimate user’s mailbox. The root cause is an absence of rate limiting on the password reset flow. Public references indicate an exploit exists and de...

7.5CVSS7.5AI score0.06362EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/11/16 3:45 p.m.23 views

CVE-2020-27423

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox...

7.6AI score0.06362EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2020/11/13 12:0 a.m.508 views

Anuko Time Tracker 1.19.23.5311 Missing Rate Limiting

Exploit Title: Anuko Time Tracker 1.19.23.5311 No rate Limit on Password Reset functionality Date: 2020-10-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Patched Version: 1.19.23.5325...

0.1AI score0.06362EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/11/13 12:0 a.m.523 views

Anuko Time Tracker 1.19.23.5311 Password Reset

Exploit Title: Anuko Time Tracker 1.19.23.5311 Password Reset Vulnerability leading to Account Takeover Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version Tested: 1.19.23.5311 Patched...

0.07764EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/11/10 12:0 a.m.256 views

Anuko Time Tracker 1.19.23.5325 CSV Injection

Exploit Title: Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection Date: 2020-10-17 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5325 Tested on: Kali Linux 2020.3 CVE: CVE-2020-15255...

6.5CVSS0.2AI score0.03504EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/10 12:0 a.m.406 views

Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection

Exploit Title: Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection Date: 2020-10-17 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5325 Tested on: Kali Linux 2020.3 CVE: CVE-2020-15255...

8.7CVSS7AI score0.03504EPSS
Exploits3
CNVD
CNVD
added 2020/10/21 12:0 a.m.3 views

Anuko Time Tracker Injection Vulnerability

Anuko Time Tracker is an open source time counting system for individual developers. A platform for counting the time spent by employees on various tasks. A security vulnerability exists in versions prior to Anuko Time Tracker 1.19.23.5325, which stems from a failure to properly filter user input...

8.7CVSS6.8AI score0.03504EPSS
Exploits3References1
NVD
NVD
added 2020/10/16 5:15 p.m.20 views

CVE-2020-15255

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

8.7CVSS0.03504EPSS
Exploits3References4
OSV
OSV
added 2020/10/16 5:15 p.m.11 views

CVE-2020-15255

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

7.3CVSS6.6AI score
Exploits0References4
Prion
Prion
added 2020/10/16 5:15 p.m.18 views

Input validation

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

6CVSS6.9AI score0.03504EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/10/16 4:20 p.m.29 views

CVE-2020-15255 CSV injection in Anuko Time Tracker

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

8.7CVSS8.4AI score0.03504EPSS
Exploits3References4
CVE
CVE
added 2020/10/16 4:20 p.m.64 views

CVE-2020-15255

CVE-2020-15255 affects Anuko Time Tracker prior to 1.19.23.5325, where a CSV export of a report could contain cells treated as formulas due to insufficient input filtering (CSV/Formula Injection). The underlying vulnerability is the lack of proper filtering of user input in exports, which could a...

8.7CVSS7.2AI score0.03504EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder